This post contains short notes on how to add a simple PPTP-based VPN server in Ubuntu. It is useful in many scenarios, for example if you have a Linux server in the office and want to connect to it from anywhere in the world, or in a situation where you want your billing server to act as a centralized billing system for the NAS at all your remote locations.
Ideally you should have a static public IP on this VPN server, but as a workaround you can bypass this requirement by using a DDNS name from a service like changeip.com. I remember that I did a similar configuration at some Philippine network and one at cloud.
Components Used:
OS = Ubuntu 12.4 on Cloud with static Public IP address
Clients = Windows 7 / Mikrotik Routerboards
Let’s Start…
Install PPTPD Package
Install the PPTPD package in Ubuntu by issuing the following command:
sudo apt-get -y install pptpd
Now issue the following to add VPN server options like local/remote IP addresses. I used the echo command to insert text directly into the config files rather than editing them with nano/vim; use whatever is easier for you.
# This will be the virtual IP of the VPN server
echo "localip 1.1.1.1" >> /etc/pptpd.conf
# Remote VPN clients will get an IP from this pool range
echo "remoteip 1.1.1.2-10" >> /etc/pptpd.conf
# This is to provide DNS, but in this example I really don't need NATting for the remote VPN client,
# as the remote Mikrotik will use this server for RADIUS authentication only, not as its default gateway 🙂
# ms-dns is a pppd option, so it goes in /etc/ppp/pptpd-options rather than /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options
Add a TEST account for client in /etc/ppp/chap-secrets
echo "YOURID pptpd YOURPASSWORD *" >> /etc/ppp/chap-secrets
Description:
YOURID = username for remote vpn client
pptpd = service type
YOURPASSWORD = password for remote vpn client
* = any IP from the pool; if you want to provide the same IP to the client every time, put that IP here instead, e.g. 1.1.1.2
TIP:
To assign a static IP to any remote VPN client, you can use the following:
zaibid pptpd zaibpassword 192.168.100.25
Finally restart pptpd service …
/etc/init.d/pptpd restart
Make sure the service is started
service pptpd status
or
ps aux |grep pptpd
If you see it’s running, our Server End is probably OK.
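An added example, not part of the original post: the echo >> steps above append a new line every time they are run, so running them again leaves duplicate localip/remoteip lines and duplicate accounts. The script below applies the same settings idempotently and sets chap-secrets, which holds the passwords in clear text, to mode 600. The helper names set_opt and set_secret and the scratch directory are assumptions for illustration; on a real server DIR would be /etc and the script would run as root.

```shell
#!/bin/sh
# Added example. set_opt FILE KEY VALUE: keep exactly one active "KEY VALUE"
# line in FILE. Commented lines such as "#localip ..." are left untouched.
set_opt() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    touch "$file"
    awk -v k="$key" -v v="$value" '
        $1 == k { if (!done) { print k " " v; done = 1 } next }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# set_secret FILE USER PASSWORD [IP]: one chap-secrets entry per user for the
# pptpd service; IP defaults to "*" (any address from the pool).
set_secret() {
    file=$1 user=$2 pass=$3 ip=${4:-*}
    tmp=$(mktemp) || return 1
    touch "$file" && chmod 600 "$file" || { rm -f "$tmp"; return 1; }
    # Drop any existing entry for this user, then append the new one
    awk -v u="$user" '!($1 == u && $2 == "pptpd")' "$file" > "$tmp"
    printf '%s pptpd %s %s\n' "$user" "$pass" "$ip" >> "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo in a scratch directory (assumption: use DIR=/etc on the real server).
# The loop runs everything twice to show that nothing gets duplicated.
DIR=$(mktemp -d)
mkdir -p "$DIR/ppp"
for run in 1 2; do
    set_opt    "$DIR/pptpd.conf"        localip  1.1.1.1
    set_opt    "$DIR/pptpd.conf"        remoteip 1.1.1.2-10
    set_opt    "$DIR/ppp/pptpd-options" ms-dns   8.8.8.8   # pppd option
    set_secret "$DIR/ppp/chap-secrets"  YOURID YOURPASSWORD
done
cat "$DIR/pptpd.conf"
```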
VPN CLIENT in WINDOWS 7
Create a VPN dialer in Windows
Snapshots just for reference …
VPN (pptp) CLIENT in Mikrotik RouterOS
VPN Server Log Window.
(You can enable logging by uncommenting the word #debug in /etc/pptpd.conf)
tail -f /var/log/syslog
[Ubuntu]
Sep 27 04:15:22 radius pptpd[7582]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 27 04:15:22 radius pptpd[7582]: CTRL: local address = 192.168.0.1
Sep 27 04:15:22 radius pptpd[7582]: CTRL: remote address = 192.168.0.234
Sep 27 04:15:22 radius pptpd[7582]: CTRL: pppd options file = /etc/ppp/pptpd-options
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Client X.X.X.X control connection started
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 1)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Made a START CTRL CONN RPLY packet
Sep 27 04:15:22 radius pptpd[7582]: CTRL: I wrote 156 bytes to the client.
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 7)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Set parameters to 10000000 maxbps, 100 window size
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Made a OUT CALL RPLY packet
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Starting call (launching pppd, opening GRE)
Sep 27 04:15:22 radius pptpd[7582]: CTRL: pty_fd = 6
Sep 27 04:15:22 radius pptpd[7582]: CTRL: tty_fd = 7
Sep 27 04:15:22 radius pptpd[7582]: CTRL: I wrote 32 bytes to the client.
Sep 27 04:15:22 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): local address = 192.168.0.1
Sep 27 04:15:22 radius pptpd[7583]: CTRL (PPPD Launcher): remote address = 192.168.0.234
Sep 27 04:15:22 radius pppd[7583]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Sep 27 04:15:22 radius pppd[7583]: pppd 2.4.5 started by root, uid 0
Sep 27 04:15:22 radius pppd[7583]: Using interface ppp0
Sep 27 04:15:22 radius pppd[7583]: Connect: ppp0 <--> /dev/pts/1
Sep 27 04:15:22 radius pptpd[7582]: GRE: Bad checksum from pppd.
Sep 27 04:15:22 radius pptpd[7582]: GRE: accepting packet #0
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #1
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #2
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #3
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #4
Sep 27 04:15:23 radius pppd[7583]: peer from calling number "X.X.X.X" authorized
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #5
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #6
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #7
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #8
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #9
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #10
Sep 27 04:15:23 radius pppd[7583]: MPPE 128-bit stateless compression enabled
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #11
Sep 27 04:15:23 radius pptpd[7582]: GRE: accepting packet #12
Sep 27 04:15:24 radius pptpd[7582]: GRE: accepting packet #13
Sep 27 04:15:24 radius pptpd[7582]: GRE: accepting packet #14
Sep 27 04:15:24 radius pppd[7583]: Cannot determine ethernet address for proxy ARP
Sep 27 04:15:24 radius pppd[7583]: local IP address 192.168.0.1
Sep 27 04:15:24 radius pppd[7583]: remote IP address 192.168.0.234
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Received PPTP Control Message (type: 5)
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Made a ECHO RPLY packet
Sep 27 04:15:52 radius pptpd[7582]: CTRL: I wrote 20 bytes to the client.
Sep 27 04:15:52 radius pptpd[7582]: CTRL: Sent packet to client
Sep 27 04:15:53 radius pptpd[7582]: GRE: accepting packet #15
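An added example, not part of the original post: a small filter over the pppd lines of a log like the one above. It lists each session with its peer, assigned address and MPPE key length, and flags sessions that were given an address without an "MPPE ... enabled" line. The function names and the second session (pid 7601) are constructed for illustration, and the syslog layout is assumed to match the log above.

```shell
#!/bin/sh
# Added example. pptp_sessions reads syslog lines on stdin and prints one line
# per pppd process: "PID PEER REMOTE_IP MPPE", where MPPE is the key length
# pppd logged (e.g. 128-bit) or NONE if no "MPPE ... enabled" line was seen.
pptp_sessions() {
    awk '
    $5 ~ /^pppd\[[0-9]+\]:$/ {
        pid = $5; gsub(/[^0-9]/, "", pid)
        seen[pid] = 1
        if ($0 ~ /peer from calling number/) { split($0, q, "\""); peer[pid] = q[2] }
        else if ($6 == "MPPE" && $NF == "enabled") mppe[pid] = $7
        else if ($6 == "remote" && $7 == "IP")     rip[pid] = $9
    }
    END {
        for (p in seen)
            printf "%s %s %s %s\n", p, ((p in peer) ? peer[p] : "-"),
                   ((p in rip) ? rip[p] : "-"), ((p in mppe) ? mppe[p] : "NONE")
    }' | sort -n
}

# Sessions that were assigned an address but never negotiated MPPE.
unencrypted_sessions() {
    pptp_sessions | awk '$3 != "-" && $4 == "NONE"'
}

# Constructed sample: pid 7583 follows the log above; pid 7601 is invented
# to show what a session without MPPE looks like.
sample_log() {
cat <<'EOF'
Sep 27 04:15:23 radius pppd[7583]: peer from calling number "X.X.X.X" authorized
Sep 27 04:15:23 radius pppd[7583]: MPPE 128-bit stateless compression enabled
Sep 27 04:15:24 radius pppd[7583]: local IP address 192.168.0.1
Sep 27 04:15:24 radius pppd[7583]: remote IP address 192.168.0.234
Sep 27 04:20:01 radius pppd[7601]: peer from calling number "Y.Y.Y.Y" authorized
Sep 27 04:20:02 radius pppd[7601]: local IP address 192.168.0.1
Sep 27 04:20:02 radius pppd[7601]: remote IP address 192.168.0.235
EOF
}

sample_log | unencrypted_sessions
```

On the server, feed it the real log instead of the sample, for example: grep 'pppd\[' /var/log/syslog | unencrypted_sessions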
TIP:
Forward PPTP port from mikrotik to local VPN server
/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward PPTP protocol TCP/1723 to Local Radius where VPN server is configured" dst-address=PUBLIC.IP dst-port=1723 protocol=tcp \
    to-addresses=192.168.100.1
thanks u too much dear Bro……waiting for this for long time
Comment by patel Deepak — September 27, 2016 @ 10:10 AM
Internet is not working after connection!
Comment by Jahanzeb Abbasi — September 27, 2016 @ 10:56 AM
Internet shouldn’t be working, as I already explained in the comments. If you make a habit of FOCUSING while READING and not skipping the COMMENTS, you should have already known why it's not working.
In this example I clearly mentioned that it's just to access the server itself only, not for internet. For internet you should add some iptables-based rules in order to masquerade traffic. Examples are here:
https://help.ubuntu.com/community/PPTPServer
Comment by Syed Jahanzaib / Pinochio~:) — September 27, 2016 @ 11:06 AM
Yeah, I have added rules; after adding rules internet is working! SoftEther VPN server is a good option for remote connectivity!
Comment by Jahanzeb Abbasi — September 27, 2016 @ 12:31 PM